Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WebAuth + Passthru + PreAuth ACL with External WebServer problem - WLC5508


Setting up a guest-wireless access with a pair of WLC-5508 in HA running

The Web Auth policy is in Passthrough mode with a redirection to an external web server. PreAuth ACL is mandatory for these controllers and it's configured like this:

Seq #1

Source: IP_Addr_External_Web_Server

Destination: Guest_Clients_Pool

Protocol: TCP

Source and Destination Ports: Any

Direction: Outbound

Action: Permit

Seq #2

Source: Guest_Clients_Pool

Destination: IP_Addr_External_Web_Server

Protocol: TCP

Source and Destination Ports: Any

Direction: Inbound

Action: Permit

Seq #3

Source: Any

Destination: Any

Protocol: Any

Source and Destination Ports: Any

Direction: Any

Action: Deny

However, it's not working :-(.

It's strange, though, that right after enabling all this, first time I connected a client it worked, but next clients can't load the web page they are redirected to and I can only see matches on the ACL for the Seq #3, no more matches on redirection traffic (allowed) anymore.

Even more strange: if I change the settings for the WLAN, saying for instance Internal Web Server serving the spalsh webpage and then apply, and after that go back to the desired config, applying again External WebAuth + PreAuth ACL, it works again .....only the first time! Next clients trying to connect can't load the webpage and again, no more matches on the allowed traffic.

Sounds like a bug to me but I'd like to know if someone has experienced something similar to this and if so, if found out a way of solving it.

Btw, when the Web Policy is configured for using the Internal (customised) Web Server, it always works (no ACL needed in this case) but I need to redirect the traffic to an External server.



  • Getting Started with Wireless